---
title: "Multiple AWS accounts"
---

In this guide you will set up Digger to use completely segregated AWS accounts for Dev and Prod environments

## Prerequisites

- 2 Terraform projects with remote backends - [example repo](https://github.com/diggerhq/demo-aws-multiacc)
- 2 pairs of AWS keys
- Using digger with orchestrator

## Create digger.yml file

Place `digger.yml` file in the root of your repo. Point `dir` to folders with terraform

```
projects:
- name: develop
  dir: dev
  workflow_file: digger-run-dev.yml

- name: production
  dir: prod
  workflow_file: digger-run-prod.yml
```

## Create 2 environments in GitHub

- In your GitHub repo, go to Settings > Environments
- Press "New Environment"
- Name one "development" and another "production"

In each environment, create 2 secrets corresponding to your AWS accounts:

- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`

## Create 2 Actions workflow files

- `.github/workflows/digger-run-dev.yml` for dev
- `.github/workflows/digger-run-prod.yml` for prod

Don't forget to change `environment` and the Rename step from Dev to Prod

```
name: Digger Workflow

on:
  workflow_dispatch:
  inputs:
    spec:
      required: true
    run_name:
      required: false

run-name: '${{inputs.run_name}}'

jobs:
  digger-job:
    runs-on: ubuntu-latest
    environment: development                      # CHANGE ME !!!
    permissions:
      contents: write      # required to merge PRs
      actions: write       # required for plan persistence
      id-token: write      # required for workload-identity-federation
      pull-requests: write # required to post PR comments
      issues: read         # required to check if PR number is an issue or not
      statuses: write      # required to validate combined PR status

    steps:
      - uses: actions/checkout@v4
      - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
        run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
      - uses: diggerhq/digger@vLatest
        with:
          digger-spec: ${{ inputs.spec }}
          setup-aws: true
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

## Verify that it works

That's it! Now you can use Digger to automate your Terraform PRs.

- Create a PR that changes terraform in one of your projects
- You should see 2 Actions jobs started
- Shortly after, a comment with plan output for the affected project will be added
- You can comment `digger apply` to apply changes
- If you do so, another Action job will start to run apply
